1. Field of the Art
Generally, the present application relates to data processing. More specifically, the application is related to single sign-on for enterprise software spanning data centers in different locations.
2. Discussion of the Related Art
Enterprise computer networks are often spread over different data centers. The data centers can be geographically collocated or dispersed. Using single sign-on (SSO), a user can log into one data center and then access other data centers without logging in again. For example, SSO allows a user to enter a username/password once in order to gain access to multiple associated resources.
Traditionally, a user's session information is stored as a cookie on the user's client device, and when the user authenticates to a new data center, the cookie is read by a server of the data center. Storing a user's session information in a cookie places restrictions on the Domain Name System (DNS) domains of the data centers. For example, all the data centers need to share the same top level domain (e.g., Oracle.com) in order for the SSO authentication using the cookie to work properly. Furthermore, the cookies often include a large amount of data. Large cookies are often broken up into multiple cookies before being transmitted in packets and are then reassembled once they arrive at their destination. This leads to an increase in network traffic, which can cause latency problems. Moreover, managing the multiple cookies can be an onerous task, adding even further to the complexity of the SSO procedure.
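The two cookie constraints described above, shown as an added example that is not part of the original text: which data center hosts receive a cookie scoped to a parent domain, and how an oversized session value is split into several cookies and reassembled. The host names, the `SSO` cookie name prefix and the part-numbering scheme are assumptions made for illustration.

```python
import base64
import os

# Per-cookie size RFC 6265 section 6.1 asks user agents to support (attributes ignored here).
MAX_COOKIE_BYTES = 4096

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match (host names only, IP literals not handled)."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def split_session(name: str, value: str, limit: int = MAX_COOKIE_BYTES) -> dict:
    """Split one oversized value into numbered cookies, each 'key=value' within `limit`."""
    cookies, i = {}, 0
    while value:
        key = f"{name}_{i}"
        room = limit - len(key) - 1  # leave space for the key and '='
        cookies[key], value = value[:room], value[room:]
        i += 1
    cookies[f"{name}_n"] = str(i)  # part count, so the receiver can detect loss
    return cookies

def join_session(name: str, cookies: dict) -> str:
    """Reassemble on the receiving server; fail closed if any part is missing."""
    parts = []
    for i in range(int(cookies[f"{name}_n"])):
        key = f"{name}_{i}"
        if key not in cookies:
            raise ValueError(f"missing cookie part {key}")
        parts.append(cookies[key])
    return "".join(parts)

def demo():
    # Constructed hosts: two data centers under one parent domain, one outside it.
    hosts = ["dc1.example.com", "dc2.example.com", "dc3.example.net"]
    reach = {h: domain_match(h, "example.com") for h in hosts}
    # Constructed 9000-byte session blob, base64 encoded into cookie-safe characters.
    session = base64.urlsafe_b64encode(os.urandom(9000)).decode()
    cookies = split_session("SSO", session)
    assert join_session("SSO", cookies) == session
    return reach, cookies

if __name__ == "__main__":
    reach, cookies = demo()
    print(reach)                                      # dc3.example.net never sees the cookie
    print({k: len(v) for k, v in cookies.items()})    # every part rides on each request
```

Every part is sent with each request to a matching host, which is the traffic overhead the paragraph describes, and a single dropped part invalidates the whole session value.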